The EU's current data protection laws date from 1995, before the internet came into widespread use and mobile phones were not as common.
A lot has changed since 1995: Today mobile phones are common, people access data via their smartphones and tablets, and data is stored in the cloud. Personal data like e.g. name, address, date of birth, telephone numbers and pictures are shared on daily basis, whether to open a bank account, book a flight, apply for a job or to get a fitness card.
Time for an update
On December 15th 2015, the European Union officials have reached an agreement on a new European digital-privacy law, the General Data Protection Regulation (GDPR).
The texts of the regulation must be definitively approved by the European Parliament and EU and the Regulation is planned to take effect after a transition period of two years.
The regulation is applicable if the data controller (enterprises that own the data) or data processor (e.g. cloud provider) or the data subject (person) is based in the EU.
The Regulation also applies to organizations based outside the European Union if they process personal data of EU residents.